CVE-2020-26154 – libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow
https://notcve.org/view.php?id=CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. El archivo url.cpp en libproxy versiones hasta 0.4.15, es propenso a un desbordamiento del búfer cuando PAC está habilitado, como es demostrado por un archivo PAC grande que es entregado sin un encabezado Content-length • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html https://bugs.debian.org/968366 https://github.com/libproxy/libproxy/pull/126 https://lists.debian.org/debian-lts-announce/2020/11/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BID3HVHAF6DA3YJOFDBSAZSMR3ODNIW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZVZ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVE-2020-25219 – libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion
https://notcve.org/view.php?id=CVE-2020-25219
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. La función url::recvline en el archivo url.cpp en libproxy versiones 0.4.x hasta 0.4.15, permite a un servidor HTTP remoto activar una recursividad no controlada por medio de una respuesta compuesta por una transmisión infinita que carece de un carácter newline. Esto conlleva al agotamiento de la pila. A flaw was found in libproxy in versions 0.4 through 0.4.15. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html https://github.com/libproxy/libproxy/issues/134 https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2 https://lists • CWE-674: Uncontrolled Recursion •
CVE-2012-5580
https://notcve.org/view.php?id=CVE-2012-5580
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file. Una vulnerabilidad de cadena de formato en la función print_proxies en bin/proxy.c en libproxy 0.3.1 podría permitir a atacantes dependientes del contexto causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de especificadores de cadenas de formatos en un nombre de proxy, tal y como fue demostrado mediante el uso de la variable de entorno http_proxy o un fichero PAC. • http://www.securityfocus.com/bid/56712 https://bugzilla.novell.com/show_bug.cgi?id=791086 https://bugzilla.redhat.com/show_bug.cgi?id=883100 https://code.google.com/p/libproxy/source/detail?r=475 https://exchange.xforce.ibmcloud.com/vulnerabilities/80340 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-4504
https://notcve.org/view.php?id=CVE-2012-4504
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. Desbordamiento de búfer basado en pila en la función url::get_pac en url.cpp en libproxy v0.4.x antes de v0.4.9 permite que los servidores remotos tengan un impacto no especificado a través de un archivo proxy.pac grande. • http://code.google.com/p/libproxy/source/detail?r=853 http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html http://secunia.com/advisories/51048 http://www.openwall.com/lists/oss-security/2012/10/12/1 http://www.openwall.com/lists/oss-security/2012/10/12/5 http://www.openwall.com/lists/oss-security/2012/10/16/3 http://www.securityfocus.com/bid/55909 http://www.ubuntu.com/usn/USN-1629-1 https://bugzilla.redhat.com/show_bug.cgi?id=864417 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4505 – libproxy: PAC handling insufficient content length check leading to buffer overflow
https://notcve.org/view.php?id=CVE-2012-4505
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. Desbordamiento de búfer basado en memoria dinámica en la función px_pac_reload en lib/pac.c en libproxy v0.2.x y v0.3.x permite que los servidores remotos tengan un impacto no especificado a través de un tamaño Content-Length modificado en un encabezado de respuesta HTTP para una solicitud de archivo proxy.pac, una vulnerabilidad diferente a CVE-2012-4504. • http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html http://rhn.redhat.com/errata/RHSA-2012-1461.html http://secunia.com/advisories/51048 http://secunia.com/advisories/51180 http://secunia.com/advisories/51308 http://www.debian.org/security/2012/dsa-2571 http://www.openwall.com/lists/oss-security/2012/10/12/1 http://www.openwall.com/lists/oss-security/2012/10/12/5 http://www.openwall.com/lists/oss-security/2012/10/16/3 http://www.securityfocus& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •